Overview

overview

10

Static

static

2355df7559...3f.exe

windows7_x64

8

2355df7559...3f.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    120s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    22-02-2022 11:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2355df7559b137125f35cc373a6fe4bd967b91fd207e705868f6d25a1e60003f.exe

  • Size

    4.2MB

  • MD5

    470602a8aa144556803374fb94a210aa

  • SHA1

    a04b54e71646fd4f70fec7a24b44932079755f5e

  • SHA256

    2355df7559b137125f35cc373a6fe4bd967b91fd207e705868f6d25a1e60003f

  • SHA512

    24020ea5d03d5b4527d24b7cc531729771e714e180d85fca8b1a8e01211f1e21fb339ffdcd6d04c1df8a1c2414fe281d86039be025ea92c72ffb3325cc1221eb

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2355df7559b137125f35cc373a6fe4bd967b91fd207e705868f6d25a1e60003f.exe
    "C:\Users\Admin\AppData\Local\Temp\2355df7559b137125f35cc373a6fe4bd967b91fd207e705868f6d25a1e60003f.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1588
    • C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe
      C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe
      2⤵
      • Executes dropped EXE
      PID:268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe
    MD5

    819e74edb55fc837f0ae6422473910f7

    SHA1

    97bd0ede064e9137de96e1d709cda83c3670f718

    SHA256

    f34609e99e5629d8b8661aad4bd8ce66eb2378bc06ffabe5be5f73f4a9de60d1

    SHA512

    9610b453d6c1afd5758518217b48c46e50c8864c8dd3f4e61c453a3186b07f459c8e8d352f6aa8022df428fad6f80f586272f5dbdc1b40c20415568ac4507caa

    Download Submit

  • \Users\Admin\AppData\Local\Temp\InstallUtil.exe
    MD5

    819e74edb55fc837f0ae6422473910f7

    SHA1

    97bd0ede064e9137de96e1d709cda83c3670f718

    SHA256

    f34609e99e5629d8b8661aad4bd8ce66eb2378bc06ffabe5be5f73f4a9de60d1

    SHA512

    9610b453d6c1afd5758518217b48c46e50c8864c8dd3f4e61c453a3186b07f459c8e8d352f6aa8022df428fad6f80f586272f5dbdc1b40c20415568ac4507caa

    Download Submit

  • memory/1588-54-0x000007FEF5123000-0x000007FEF5124000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1588-55-0x00000000008B0000-0x0000000000CE6000-memory.dmp

    Filesize

    4.2MB

    Download

  • memory/1588-56-0x00000000007C0000-0x00000000007E0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1588-57-0x000000001C240000-0x000000001C242000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1588-58-0x0000000000860000-0x00000000008A0000-memory.dmp

    Filesize

    256KB

    Download